Privacy Policy

Effective Date: August 20, 2025
Last Updated: August 20, 2025

1. Introduction

We built Markmaker because we believe artists deserve tools that respect their work and their privacy. This isn't corporate boilerplate—we mean it.

Asunder ("we," "us," or "our") operates Markmaker, a web-based graphics editor with cloud storage. This Privacy Policy explains how we collect, use, and protect your information when you use our Service.

Key Commitments:

  • We do not sell your personal data to advertisers or third parties
  • We will never use your creative work to train AI models without your explicit permission
  • You maintain ownership and control of your creative work
  • We use industry-standard security measures to protect your data

2. Information We Collect

Personal Information

Authentication Data

When you create an account through our authentication providers, we may receive:

  • User identification information required for authentication
  • Display name and profile information
  • Avatar or profile images
  • Email address (when provided and consented to)

We do not store passwords or access information beyond what is necessary for account creation and management.

Verification Information (When Applicable)

For enhanced service tiers, we may collect:

  • Contact information for verification purposes
  • Verification codes (deleted after successful verification)
  • Verification timestamps and related metadata

Project and Creative Data

Your Creative Work

  • Project files in our supported formats
  • Project metadata (names, creation dates, modification history, file sizes)
  • Automatically generated previews and thumbnails for organization
  • File integrity verification data
  • Project organization and folder structure

Sharing and Collaboration

  • Project sharing preferences and settings
  • Access controls for shared content
  • Public gallery participation (when opted-in)

Technical and Usage Information

Session and Security Data

  • Session management information with appropriate expiration
  • Access logs including timestamps and basic location information
  • Device and browser information for compatibility and security
  • Security tokens and authentication credentials

Service Usage Analytics

We collect usage data to improve our Service:

  • Feature usage patterns and preferences
  • Performance metrics and optimization data
  • Error reports and diagnostic information (containing no personal information)
  • Usage patterns for service optimization

Research Data (De-identified)

We may use de-identified usage data for research purposes:

  • Aggregated usage patterns across users
  • Performance and usability metrics for research
  • Interface design and user experience research
  • This data cannot be linked to individual users or accounts
  • Research findings may be published in academic venues such as ACM CHI, UIST, and other human-computer interaction conferences
  • We do not attempt to re-identify de-identified data

3. How We Use Your Information

Service Provision

  • Authentication: Verify identity and maintain secure sessions
  • Storage and Sync: Manage your creative projects across devices
  • Feature Access: Provide appropriate features based on your service tier
  • Support: Provide customer service and technical assistance

Service Improvement

  • Performance Optimization: Improve application speed and reliability
  • Feature Development: Understand user needs and develop new capabilities
  • Technical Maintenance: Identify and resolve technical issues
  • Security: Detect and prevent fraud, abuse, and unauthorized access

Communication

  • Service Updates: Notify you of new features and important changes
  • Security Communications: Alert you to security-related matters
  • Account Notifications: Inform you of account-related matters
  • Legal Communications: Share required legal notices and policy changes

Research and Development

  • Product Research: Use de-identified data for service improvement research
  • Academic Research: Contribute to academic understanding of digital creativity tools
  • Performance Analysis: Optimize service performance and user experience

4. Legal Basis for Processing

We process your personal data based on:

  • Service Provision: To deliver the services you've requested
  • Legitimate Interests: To improve our services, ensure security, and conduct research
  • Consent: For optional features and research participation
  • Legal Compliance: To meet applicable legal requirements

5. Information Sharing and Disclosure

We DO NOT:

  • Sell your personal data to any third parties
  • Share your creative content without your explicit consent
  • Use your creative work for AI training without your permission
  • Use your content for our marketing without explicit opt-in consent

We DO share information when:

Essential Service Providers

We work with service providers who help operate our Service:

  • Authentication services for account management
  • Cloud infrastructure providers for secure hosting and storage
  • Communication services for verification and notifications when applicable
  • Technical service providers for hosting, content delivery, and infrastructure

All service providers are contractually required to protect your data and use it only for specified purposes.

Legal and Safety Requirements

  • Legal obligations when required by valid legal process
  • Law enforcement for legitimate requests with proper authority
  • Regulatory compliance to meet applicable laws and regulations
  • Safety requirements including mandatory reporting obligations

Security and Platform Protection

  • Terms enforcement to maintain platform integrity
  • Security protection to defend against threats and abuse
  • Fraud prevention to detect and prevent fraudulent activity

User-Controlled Sharing

When you choose to share content:

  • Shared content becomes accessible according to your sharing settings
  • Public content may appear in community features (when opted-in)
  • You control all sharing settings and can modify access at any time
  • We do not claim ownership of your shared content

6. Data Storage and International Transfers

Storage and Processing

  • Primary infrastructure located in secure data centers
  • Backup storage may be distributed across multiple regions for reliability
  • Content delivery may involve global distribution for performance

International Transfers

When data is transferred across borders, we implement appropriate safeguards:

  • Standard contractual clauses for international data protection
  • Adequacy decisions where available
  • Additional safeguards as required by applicable law
  • Your consent when required

7. Data Retention

Active Data

  • Account information retained while your account is active
  • Creative projects stored according to your account settings
  • Session data with automatic expiration for security
  • Technical logs retained for reasonable periods for security and optimization

Data After Deletion

  • Deleted projects may be recoverable for a limited period before permanent removal
  • Account deletion results in permanent removal of personal data within reasonable timeframes
  • Backup systems purged according to technical requirements
  • De-identified research data may be retained for legitimate research purposes

Retention Guidelines

We retain data only as long as necessary for:

  • Providing our services to you
  • Meeting legal and regulatory requirements
  • Protecting our ability to operate (e.g., fraud prevention, security logs)
  • Supporting ongoing research (in de-identified form)

8. Your Rights and Controls

Account Management

  • Access your information through your account settings
  • Update your profile and account preferences
  • Delete your account and associated data
  • Export your projects in standard formats

Privacy Controls

  • Content visibility settings for your projects
  • Sharing management for collaborative features
  • Communication preferences for notifications and updates
  • Data processing controls where applicable

Legal Rights (By Jurisdiction)

For EU Users

  • Access your personal data
  • Correct inaccurate information
  • Delete your personal data
  • Data portability in machine-readable formats
  • Object to certain processing activities
  • Restrict processing in specific circumstances

For California Users

  • Know what personal information we collect and use
  • Delete your personal information
  • Correct inaccurate personal information
  • Opt-out of data sales (we don't sell data)
  • Non-discrimination for exercising privacy rights

Other Jurisdictions

We provide appropriate rights as required by local privacy laws.

Exercising Your Rights

To exercise privacy rights:

  1. Contact us through the methods provided below
  2. Include sufficient information to verify your identity
  3. Specify your request clearly
  4. Allow reasonable time for processing

We will respond within timeframes required by applicable law.

9. Cookies and Tracking

Essential Technologies

We use technologies necessary for service functionality:

  • Session management for account security and functionality
  • Security measures for protection against threats
  • User preferences to remember your settings
  • Performance optimization for service improvement

Managing Cookies

You can control cookies through browser settings, though disabling essential cookies may limit service functionality.

10. Data Security

Security Measures

We implement comprehensive security practices:

  • Data encryption in transit and at rest using industry standards
  • Access controls with limited access on a need-to-know basis
  • Authentication systems with appropriate security measures
  • Monitoring systems for threat detection and response
  • Regular security assessments and improvements

Incident Response

In case of security incidents:

  • Immediate response to contain and assess incidents
  • User notification when required by law or when accounts may be affected
  • Authority notification as required by applicable regulations
  • Remediation measures to prevent future incidents
  • Transparency about what happened and our response

Your Security Role

  • Account security through strong authentication practices
  • Device security by keeping systems updated
  • Suspicious activity reporting for unauthorized access
  • Safe usage practices on shared or public devices

11. Children's Privacy

Age Requirements

  • Minimum age of 13 years to use our Service
  • Parental guidance recommended for users under 18
  • No targeting of children under 13

Child Data Protection

If we discover data collection from children under 13:

  • Immediate account deletion and data removal
  • Parental notification when possible
  • No marketing to children under 13

12. Changes to This Policy

Update Process

When we update this Privacy Policy:

  • Advance notification for material changes
  • Clear communication about what has changed
  • Version management to track policy evolution
  • Appropriate timing for changes to take effect

Types of Updates

  • Material changes may require explicit consent
  • Clarifications and non-material updates take effect automatically
  • Legal updates may take effect as required by law

13. Contact Information

Privacy Questions

For questions about this Privacy Policy, contact us at [email protected]

Data Rights Requests

To exercise your privacy rights, include account identification and specific request details.

14. Regulatory Information

For users in the EU: If you believe we have not adequately addressed your privacy concerns, you may contact your local data protection authority.

This Privacy Policy is part of our Terms of Service. By using Markmaker, you acknowledge that you understand how we collect, use, and protect your information.